
Side by Side Diff: src/platform/vboot_reference/include/firmware_image.h

Issue 1241002: VBoot Reference: Add version checking to for preventing rollbacks. (Closed)
Patch Set: . Created 10 years, 9 months ago
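--- a/src/platform/vboot_reference/include/firmware_image.h
+++ b/src/platform/vboot_reference/include/firmware_image.h
@@ -1,41 +1,41 @@
 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Data structure and API definitions for a verified boot firmware image.
 */
 
 #ifndef VBOOT_REFERENCE_FIRMWARE_IMAGE_H_
 #define VBOOT_REFERENCE_FIRMWARE_IMAGE_H_
 
 #include <inttypes.h>
 
 #include "rsa.h"
 #include "sha.h"
 
 #define FIRMWARE_MAGIC "CHROMEOS"
 #define FIRMWARE_MAGIC_SIZE 8
 #define FIRMWARE_PREAMBLE_SIZE 8
 
 /* RSA 8192 and SHA-512. */
 #define ROOT_SIGNATURE_ALGORITHM 11
 #define ROOT_SIGNATURE_ALGORITHM_STRING "11"
 
 typedef struct FirmwareImage {
 uint8_t magic[FIRMWARE_MAGIC_SIZE];
 /* Key Header */
 uint16_t header_len; /* Length of the header. */
 uint16_t firmware_sign_algorithm; /* Signature algorithm used by the signing
 * key. */
+uint16_t firmware_key_version; /* Key Version# for preventing rollbacks. */
 uint8_t* firmware_sign_key; /* Pre-processed public half of signing key. */
-uint16_t firmware_key_version; /* Key Version# for preventing rollbacks. */
 uint8_t header_checksum[SHA512_DIGEST_SIZE]; /* SHA-512 hash of the header.*/
 
 uint8_t firmware_key_signature[RSA8192NUMBYTES]; /* Signature of the header
 * above. */
 
 /* Firmware Preamble. */
 uint16_t firmware_version; /* Firmware Version# for preventing rollbacks.*/
 uint64_t firmware_len; /* Length of the rest of the R/W firmware data. */
 uint8_t preamble[FIRMWARE_PREAMBLE_SIZE]; /* Remaining preamble data.*/
 
@@ -106,21 +106,24 @@
 void PrintFirmwareImage(const FirmwareImage* image);
 
 /* Error Codes for VerifyFirmware* family of functions. */
 #define VERIFY_FIRMWARE_SUCCESS 0
 #define VERIFY_FIRMWARE_INVALID_IMAGE 1
 #define VERIFY_FIRMWARE_ROOT_SIGNATURE_FAILED 2
 #define VERIFY_FIRMWARE_INVALID_ALGORITHM 3
 #define VERIFY_FIRMWARE_PREAMBLE_SIGNATURE_FAILED 4
 #define VERIFY_FIRMWARE_SIGNATURE_FAILED 5
 #define VERIFY_FIRMWARE_WRONG_MAGIC 6
-#define VERIFY_FIRMWARE_MAX 7 /* Generic catch-all. */
+#define VERIFY_FIRMWARE_WRONG_HEADER_CHECKSUM 7
+#define VERIFY_FIRMWARE_KEY_ROLLBACK 8
+#define VERIFY_FIRMWARE_VERSION_ROLLBACK 9
+#define VERIFY_FIRMWARE_MAX 10 /* Total number of error codes. */
 
 extern char* kVerifyFirmwareErrors[VERIFY_FIRMWARE_MAX];
 
 /* Checks for the sanity of the firmware header pointed by [header_blob].
 * If [dev_mode] is enabled, also checks the root key signature using the
 * pre-processed public root key [root_key_blob].
 *
 * On success, put signature algorithm in [algorithm], header length
 * in [header_len], and return 0.
 * Else, return error code on failure.
@@ -191,11 +194,33 @@
 */
 int AddFirmwareKeySignature(FirmwareImage* image, const char* root_key_file);
 
 /* Add firmware and preamble signature to a firmware image [image]
 * using the private signing key in file [signing_key_file].
 *
 * Return 1 on success, 0 on failure.
 */
 int AddFirmwareSignature(FirmwareImage* image, const char* signing_key_file);
 
+/* Returns the logical version of a firmware blob which is calculated as
+* (firmware_key_version << 16 | firmware_version). */
+uint32_t GetLogicalFirmwareVersion(uint8_t* firmware_blob);
+
+#define BOOT_FIRMWARE_A_CONTINUE 1
+#define BOOT_FIRMWARE_B_CONTINUE 2
+#define BOOT_FIRMWARE_RECOVERY_CONTINUE 3
+
+/* This function is the driver used by the RO firmware to
+* determine which copy of the firmware to boot from. It performs
+* the requisite rollback index checking, including updating them,
+* if required.
+*
+* Returns the code path to follow. It is one of:
+* BOOT_FIRMWARE_A_CONTINUE Boot from Firmware A
+* BOOT_FIRMWARE_B_CONTINUE Boot from Firmware B
+* BOOT_FIRMWARE_RECOVERY_CONTINUE Jump to recovery mode
+*/
+int VerifyFirmwareDriver_f(uint8_t* root_key_blob,
+uint8_t* firmwareA,
+uint8_t* firmwareB);
+
 #endif /* VBOOT_REFERENCE_FIRMWARE_IMAGE_H_ */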
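Review bot: The new `GetLogicalFirmwareVersion(uint8_t* firmware_blob)` and `VerifyFirmwareDriver_f(...)` declarations (new lines 206 and 222-224) take raw blob pointers with no length and no `const`, and their comments do not say whether the version fields are read before or after the signatures are verified. For a rollback check that ordering is the security property, since a version read from an unverified header is attacker-controlled; the comment should say so, for example `/* Only meaningful for a blob that has already passed the VerifyFirmware* checks. */`, and should state what is returned for a malformed blob. The documented formula `(firmware_key_version << 16 | firmware_version)` has `uint16_t` operands that promote to `int`, so if the implementation (not on this page) mirrors it, a key version of 0x8000 or higher shifts into the sign bit; `((uint32_t)firmware_key_version << 16) | firmware_version` avoids that. Separately, `kVerifyFirmwareErrors` is sized by `VERIFY_FIRMWARE_MAX`, which grows from 7 to 10 here, so its definition elsewhere needs three new strings or indices 7-9 will be NULL.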